// named.conf file for ns-master.fedoraproject.org
// located in /var/named/chroot/etc/named.conf
// By: Elliot Lee <sopwith@redhat.com>
// 2005/12/21 for fedoraproject.org
// Based on the same file for ns-master.gnome.org
// By: Matthew Galgoci <mgalgoci@redhat.com>
// 2003/10/13 for gnome.org
//

// Setup for GeoDNS
include "/var/named/GeoIP.acl";

//include rndckey
include "/etc/rndc.key";

// general acls
acl "everyone-v4" { 0.0.0.0/0;  };
acl "everyone-v6" { ::0/0; };
acl "everyone" { 0.0.0.0/0; ::0/0; };
//
acl "ns_redhat" { 66.187.233.210; 209.132.183.22; 209.132.183.30; 209.132.183.2; 66.187.229.10; };
//
acl "iad2net" { 10.3.160.0/19; 10.16.0.0/24; };
acl "rdu2net" { 172.31.1.0/24; 172.31.2.0/24; };
acl "rh-slaves" { 10.11.5.70; };
acl "rh" { 10.0.0.0/8; };
//
options {
        directory "/var/named";
        auth-nxdomain yes;
        allow-query { everyone; };
        dnssec-enable yes;
        query-source address * port *;
        query-source-v6 address * port *;
        allow-transfer { localhost; rh-slaves; rh;};
        //transfer-source * port 53;
        pid-file "/var/run/named/named.pid";
        statistics-file "/var/log/named.stats";
        provide-ixfr no;
	tcp-clients 1000;

        version "cowbell++";

	listen-on port 53 {
                any;
        };
        listen-on-v6 port 53 {
                any;
        };
        notify yes;
        minimal-responses yes;
        // rate-limit requests
        rate-limit {
                responses-per-second 25;
                window 5;
        };
};
//
logging {
    channel "normal" {
	syslog;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    category "default" { "normal"; };
    category "general" { "normal"; };
    category "database" { "null"; };
    category "security" { "normal"; };
    category "config" { "normal"; };
    category "resolver" { "normal"; };
    category "xfer-in" { "normal"; };
    category "xfer-out" { "normal"; };
    category "notify" { "normal"; };
    category "client" { "null"; };
    category "network" { "null"; };
    category "update" { "normal"; };
    category "queries" { "null"; };
    category "dispatch" { "null"; };
    category "dnssec" { "normal"; };
    category "lame-servers" { "null"; };
};
//
// Who can rndc our server (only localhost)...
//
controls {
    inet 127.0.0.1 port 953 allow { localhost; } keys { rndckey; };
};

view "IAD2" {
     match-clients { iad2net; rh-slaves; 192.168.0.0/16; rh; };
     allow-recursion { localhost; iad2net; rh-slaves; rh; };
     recursion yes;
     // no rate-limit on internal requests
     rate-limit {
          exempt-clients { iad2net; rh-slaves; };
     };

  # make sure we forward only for redhat.com lookups
     zone "redhat.com" {
           type forward;
           forward only;
           forwarders { 10.2.32.1; 10.11.5.19; 10.38.5.26; 10.68.5.26; };
     };

     zone "projectatomic.io" {
           type forward;
           forward only;
           forwarders { 8.8.8.8; 8.8.4.4; };
     };

     zone "beaker-project.org" {
           type forward;
           forward only;
           forwarders { 8.8.8.8; 8.8.4.4; };
     };

  # also, we need to forward some jboss.org for fuse-fabric/bugzilla2fedmsg
     zone "jboss.org" {
           type forward;
           forward only;
           forwarders { 8.8.8.8; 8.8.4.4; };
     };

  # We can't access the internal Zanata servers. Just use external
     zone "zanata.org" {
           type forward;
           forward only;
           forwarders { 8.8.8.8; 8.8.4.4; };
     };

  # We can't access the softwarefactory-project.io. because ns1/ns2 give unroutable ips. Need to use external
     zone "softwarefactory-project.io" {
           type forward;
           forward only;
           forwarders { 8.8.8.8; 8.8.4.4; };
     };

     zone "3.10.in-addr.arpa" {
           type forward;
           forward only;
           forwarders { 10.2.32.1; 10.11.5.19; 10.38.5.26; 10.68.5.26; };
     };

     zone "4.10.in-addr.arpa" {
           type forward;
           forward only;
           forwarders { 10.2.32.1; 10.11.5.19; 10.38.5.26; 10.68.5.26; };
     };

     zone "5.10.in-addr.arpa" {
           type forward;
           forward only;
           forwarders { 10.2.32.1; 10.11.5.19; 10.38.5.26; 10.68.5.26; };
     };

     zone "10.in-addr.arpa" {
           type forward;
           forward only;
           forwarders { 10.2.32.1; 10.11.5.19; 10.38.5.26; 10.68.5.26; };
     };

     zone "186.132.209.in-addr.arpa." {
           type forward;
           forward only;
           forwarders { 10.39.144.11; 10.69.144.11; 10.11.191.1; };
     };

     zone "phx2.fedoraproject.org" {
             type master;
             file "/var/named/master/built/phx2.fedoraproject.org.signed";
     };
     zone "iad2.fedoraproject.org" {
             type master;
             file "/var/named/master/built/iad2.fedoraproject.org.signed";
     };
     zone "mgmt.iad2.fedoraproject.org" {
             type master;
             file "/var/named/master/built/mgmt.iad2.fedoraproject.org";
     };
     zone "stg.iad2.fedoraproject.org" {
             type master;
             file "/var/named/master/built/stg.iad2.fedoraproject.org";
     };

     zone "mgmt.rdu-cc.fedoraproject.org" {
             type master;
             file "/var/named/master/built/mgmt.rdu-cc.fedoraproject.org";
     };

     zone "rdu2.fedoraproject.org" {
             type master;
             file "/var/named/master/built/rdu2.fedoraproject.org";
     };

     zone "s390.fedoraproject.org" {
             type master;
             file "/var/named/master/built/s390.fedoraproject.org";
     };

     zone "0.16.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/0.16.10.in-addr.arpa";
     };

     zone "2.31.172.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/2.31.172.in-addr.arpa";
     };

     zone "160.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/160.3.10.in-addr.arpa";
     };
     zone "161.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/161.3.10.in-addr.arpa";
     };
     zone "162.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/162.3.10.in-addr.arpa";
     };
     zone "163.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/163.3.10.in-addr.arpa";
     };
     zone "164.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/164.3.10.in-addr.arpa";
     };
     zone "165.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/165.3.10.in-addr.arpa";
     };
     zone "166.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/166.3.10.in-addr.arpa";
     };
     zone "167.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/167.3.10.in-addr.arpa";
     };
     zone "168.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/168.3.10.in-addr.arpa";
     };
     zone "169.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/169.3.10.in-addr.arpa";
     };
     zone "170.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/170.3.10.in-addr.arpa";
     };
     zone "171.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/171.3.10.in-addr.arpa";
     };
     zone "172.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/172.3.10.in-addr.arpa";
     };
     zone "173.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/173.3.10.in-addr.arpa";
     };
     zone "174.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/174.3.10.in-addr.arpa";
     };
     zone "175.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/175.3.10.in-addr.arpa";
     };
     zone "176.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/176.3.10.in-addr.arpa";
     };
     zone "177.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/177.3.10.in-addr.arpa";
     };
     zone "178.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/178.3.10.in-addr.arpa";
     };

     zone "fedoraproject.org" {
             type master;
             file "/var/named/master/built/IAD2/fedoraproject.org.signed";
     };

     zone "cloud.fedoraproject.org" {
             type master;
             file "/var/named/master/built/IAD2/cloud.fedoraproject.org.signed";
     };

     zone "getfedora.org" {
             type master;
             file "/var/named/master/built/IAD2/getfedora.org.signed";
     };

     zone "pagure.io" {
             type master;
             file "/var/named/master/built/IAD2/pagure.io";
     };

     include "/etc/named/zones.conf";
};

view "RDU2" {
     match-clients { rdu2net; 192.168.0.0/16; };
     allow-recursion { localhost; rdu2net; };
     recursion yes;
     // no rate-limit on internal requests
     rate-limit {
          exempt-clients { rdu2net; };
     };

  # make sure we forward only for redhat.com lookups
     zone "redhat.com" {
           type forward;
           forward only;
           forwarders { 10.2.32.1; 10.11.5.19; 10.38.5.26; 10.68.5.26; };
     };

     zone "projectatomic.io" {
           type forward;
           forward only;
           forwarders { 8.8.8.8; 8.8.4.4; };
     };

     zone "beaker-project.org" {
           type forward;
           forward only;
           forwarders { 8.8.8.8; 8.8.4.4; };
     };

  # also, we need to forward some jboss.org for fuse-fabric/bugzilla2fedmsg
     zone "jboss.org" {
           type forward;
           forward only;
           forwarders { 8.8.8.8; 8.8.4.4; };
     };

  # We can't access the internal Zanata servers. Just use external
     zone "zanata.org" {
           type forward;
           forward only;
           forwarders { 8.8.8.8; 8.8.4.4; };
     };

  # We can't access the softwarefactory-project.io. because ns1/ns2 give unroutable ips. Need to use external
     zone "softwarefactory-project.io" {
           type forward;
           forward only;
           forwarders { 8.8.8.8; 8.8.4.4; };
     };

     zone "3.10.in-addr.arpa" {
           type forward;
           forward only;
           forwarders { 10.2.32.1; 10.11.5.19; 10.38.5.26; 10.68.5.26; };
     };

     zone "4.10.in-addr.arpa" {
           type forward;
           forward only;
           forwarders { 10.2.32.1; 10.11.5.19; 10.38.5.26; 10.68.5.26; };
     };

     zone "5.10.in-addr.arpa" {
           type forward;
           forward only;
           forwarders { 10.2.32.1; 10.11.5.19; 10.38.5.26; 10.68.5.26; };
     };

     zone "10.in-addr.arpa" {
           type forward;
           forward only;
           forwarders { 10.2.32.1; 10.11.5.19; 10.38.5.26; 10.68.5.26; };
     };

     zone "186.132.209.in-addr.arpa." {
           type forward;
           forward only;
           forwarders { 10.39.144.11; 10.69.144.11; 10.11.191.1; };
     };

     zone "phx2.fedoraproject.org" {
             type master;
             file "/var/named/master/built/phx2.fedoraproject.org.signed";
     };
     zone "iad2.fedoraproject.org" {
             type master;
             file "/var/named/master/built/iad2.fedoraproject.org.signed";
     };
     zone "mgmt.iad2.fedoraproject.org" {
             type master;
             file "/var/named/master/built/mgmt.iad2.fedoraproject.org";
     };

     zone "stg.iad2.fedoraproject.org" {
             type master;
             file "/var/named/master/built/stg.iad2.fedoraproject.org";
     };

     zone "mgmt.rdu-cc.fedoraproject.org" {
             type master;
             file "/var/named/master/built/mgmt.rdu-cc.fedoraproject.org";
     };

     zone "rdu2.fedoraproject.org" {
             type master;
             file "/var/named/master/built/rdu2.fedoraproject.org";
     };

     zone "s390.fedoraproject.org" {
             type master;
             file "/var/named/master/built/s390.fedoraproject.org";
     };

     zone "0.16.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/0.16.10.in-addr.arpa";
     };

     zone "2.31.172.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/2.31.172.in-addr.arpa";
     };

     zone "160.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/160.3.10.in-addr.arpa";
     };
     zone "161.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/161.3.10.in-addr.arpa";
     };
     zone "162.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/162.3.10.in-addr.arpa";
     };
     zone "163.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/163.3.10.in-addr.arpa";
     };
     zone "164.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/164.3.10.in-addr.arpa";
     };
     zone "165.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/165.3.10.in-addr.arpa";
     };
     zone "166.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/166.3.10.in-addr.arpa";
     };
     zone "167.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/167.3.10.in-addr.arpa";
     };
     zone "168.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/168.3.10.in-addr.arpa";
     };
     zone "169.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/169.3.10.in-addr.arpa";
     };
     zone "170.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/170.3.10.in-addr.arpa";
     };
     zone "171.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/171.3.10.in-addr.arpa";
     };
     zone "172.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/172.3.10.in-addr.arpa";
     };
     zone "173.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/173.3.10.in-addr.arpa";
     };
     zone "174.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/174.3.10.in-addr.arpa";
     };
     zone "175.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/175.3.10.in-addr.arpa";
     };
     zone "176.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/176.3.10.in-addr.arpa";
     };
     zone "177.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/177.3.10.in-addr.arpa";
     };
     zone "178.3.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/178.3.10.in-addr.arpa";
     };

     zone "fedoraproject.org" {
             type master;
             file "/var/named/master/built/NA/fedoraproject.org.signed";
     };
     zone "cloud.fedoraproject.org" {
             type master;
             file "/var/named/master/built/NA/cloud.fedoraproject.org.signed";
     };
     zone "getfedora.org" {
             type master;
             file "/var/named/master/built/NA/getfedora.org.signed";
     };
     zone "pagure.io" {
             type master;
             file "/var/named/master/built/NA/pagure.io";
     };

     include "/etc/named/zones.conf";
};

// The zones
view "NA" {
        match-clients { US; CA; MX; BM; GL; AG; AI; BS; BZ; CR; CU; DO; GT; HN; HT; JM; KY; NI; PM; PR; SV; TC; VG; VI; };
        recursion no;
        // no rate-limit on internal requests
        rate-limit {
             exempt-clients { ns_redhat; };
        };
        zone "fedoraproject.org" {
                type master;
                file "/var/named/master/built/NA/fedoraproject.org.signed";
        };
        zone "cloud.fedoraproject.org" {
                type master;
                file "/var/named/master/built/NA/cloud.fedoraproject.org.signed";
        };
        zone "getfedora.org" {
                type master;
                file "/var/named/master/built/NA/getfedora.org.signed";
        };
        zone "pagure.io" {
                type master;
                file "/var/named/master/built/NA/pagure.io";
        };
        include "/etc/named/zones.conf";
};


// This should have been EME and during the next freeze break should be made as such.
view "EU" {
	match-clients { AD; AL; AT; AX; BA; BE; BG; CH; CZ; DE; DK; EE; ES; FI; FO; FR; GB; GG; GI; GR; HR; HU; IE; IM; IS; IT; JE; LI; LT; LU; LV; MC; ME; MK; MT; NL; NO; PL; PT; RO; RS; RU; SE; SI; SJ; SK; SM; UA; VA; AE; AM; AZ; BH; CY; GE; IL; IQ; JO; KW; LB; OM; QA; SA; TR; YE; BY; MD; PS; SY; };

        recursion no;
        zone "fedoraproject.org" {
                type master;
                file "/var/named/master/built/EU/fedoraproject.org.signed";
        };
        zone "cloud.fedoraproject.org" {
                type master;
                file "/var/named/master/built/EU/cloud.fedoraproject.org.signed";
        };
        zone "getfedora.org" {
                type master;
                file "/var/named/master/built/EU/getfedora.org.signed";
        };
        zone "pagure.io" {
                type master;
                file "/var/named/master/built/EU/pagure.io";
        };
        include "/etc/named/zones.conf";
};

view "APAC" {
        match-clients { AF; BD; BN; BT; CN; HK; ID; IN; JP; KG; KH; KZ; LA; LK; MM; MN; MO; MV; MY; NP; PH; PK; SG; TH; TJ; TL; TM; UZ; VN; AS; AU; CC; CK; CX; FJ; FM; GU; HM; KI; MH; MP; NC; NF; NR; NU; NZ; PF; PG; PN; PW; SB; TK; TO; TV; UM; VU; WF; WS; IR; KP; KR; TW; };

        recursion no;
        zone "fedoraproject.org" {
                type master;
                file "/var/named/master/built/APAC/fedoraproject.org.signed";
        };
        zone "cloud.fedoraproject.org" {
                type master;
                file "/var/named/master/built/APAC/cloud.fedoraproject.org.signed";
        };
        zone "getfedora.org" {
                type master;
                file "/var/named/master/built/APAC/getfedora.org.signed";
        };
        zone "pagure.io" {
                type master;
                file "/var/named/master/built/APAC/pagure.io";
        };
        include "/etc/named/zones.conf";
};

view "AFR" {
        match-clients { AO; BF; BI; BJ; BW; CD; CF; CG; CI; CM; CV; DJ; DZ; EG; ER; ET; GA; GH; GM; GN; GQ; GW; KE; KM; LR; LS; LY; MA; MG; ML; MR; MU; MW; MZ; NA; NE; NG; RW; SC; SD; SL; SN; SO; SS; ST; SZ; TD; TG; TN; TZ; UG; ZA; ZM; ZW; BV; RE; SH; TF; YT; };

        recursion no;
        zone "fedoraproject.org" {
                type master;
                file "/var/named/master/built/AFR/fedoraproject.org.signed";
        };
        zone "cloud.fedoraproject.org" {
                type master;
                file "/var/named/master/built/AFR/cloud.fedoraproject.org.signed";
        };
        zone "getfedora.org" {
                type master;
                file "/var/named/master/built/AFR/getfedora.org.signed";
        };
        zone "pagure.io" {
                type master;
                file "/var/named/master/built/AFR/pagure.io";
        };
        include "/etc/named/zones.conf";
};


view "SA" {
        match-clients { AR; BO; BR; CL; CO; EC; GY; PY; PE; SR; UY; VE; FK; GF; AQ; AW; BB; CW; DM; GD; GP; GS; KN; LC; MQ; MS; PA; SX; TT; VC; };

        recursion no;
        zone "fedoraproject.org" {
                type master;
                file "/var/named/master/built/SA/fedoraproject.org.signed";
        };
        zone "cloud.fedoraproject.org" {
                type master;
                file "/var/named/master/built/SA/cloud.fedoraproject.org.signed";
        };
        zone "getfedora.org" {
                type master;
                file "/var/named/master/built/SA/getfedora.org.signed";
        };
        zone "pagure.io" {
                type master;
                file "/var/named/master/built/SA/pagure.io";
        };
        include "/etc/named/zones.conf";
};



view "DEFAULT" {
        match-clients { any; };
        recursion no;
        zone "fedoraproject.org" {
                type master;
                file "/var/named/master/built/DEFAULT/fedoraproject.org.signed";
        };
        zone "cloud.fedoraproject.org" {
                type master;
                file "/var/named/master/built/DEFAULT/cloud.fedoraproject.org.signed";
        };
        zone "getfedora.org" {
                type master;
                file "/var/named/master/built/DEFAULT/getfedora.org.signed";
        };
        zone "pagure.io" {
                type master;
                file "/var/named/master/built/DEFAULT/pagure.io";
        };
        include "/etc/named/zones.conf";
};

// Enabling bind9 statistics on localhost for collectd
statistics-channels {
	inet 127.0.0.1 port 8053;
};
